Lucene search
K

183 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:21 a.m.3 views

CVE-2024-33266

SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function...

9.8CVSS8.3AI score0.00669EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.8 views

CVE-2023-32115

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...

6.1CVSS6.5AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.6 views

CVE-2023-36968

A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter...

7.2CVSS8.2AI score0.00897EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:39 a.m.5 views

CVE-2010-4721

SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS8.8AI score0.02441EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:29 a.m.5 views

CVE-2010-3604

SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.7AI score0.01072EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/02 2:55 a.m.7 views

CVE-2025-3708 Le-show Medical Practice Management System - SQL Injection

Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8CVSS8.4AI score0.00456EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/30 6:9 p.m.9 views

CVE-2024-12706

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.:...

2.1CVSS7.7AI score0.00188EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/03/21 12:0 a.m.7 views

The vulnerability of the “Emergency Call-112” module, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL code.

The vulnerability of the “Emergency Call-112” module is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

10CVSS6AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/02/24 12:0 a.m.4 views

Agito Computer Life4All SQL注入漏洞

Agito Computer Life4All is a healthy living application from Agito Computer. A SQL injection vulnerability exists in Agito Computer Life4All versions prior to 10.01.2025 that stems from improper neutralization of special elements in SQL commands...

8.8CVSS7.8AI score0.00385EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.4 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 2024R1.2.2, which stems from not filtering user input...

6.5CVSS7.8AI score0.01274EPSS
Exploits0References1
OSV
OSV
added 2025/02/19 9:1 a.m.7 views

CVE-2025-1135 SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS7.6AI score0.00683EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/02/15 12:0 a.m.6 views

PT-2025-6942 · Joomla · Js Jobs

Name of the Vulnerable Software and Affected Versions: JS Jobs plugin versions 1.1.5 through 1.4.3 for Joomla Description: A SQL injection issue allows authenticated attackers, with administrator privileges, to execute arbitrary SQL commands via the searchpaymentstatus parameter in the Employer...

4.7CVSS8.9AI score0.00274EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/02/05 6:2 p.m.10 views

CVE-2019-3661

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads...

8.8CVSS7.7AI score0.01131EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.6 views

PT-2025-2958 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to different...

6.5CVSS7.6AI score0.00482EPSS
Exploits1References4
CVE
CVE
added 2024/12/09 12:0 a.m.68 views

CVE-2024-54921

CVE-2024-54921 affects Kashipara E-learning Management System v1.0, with a SQL injection in /student_signup.php that allows remote attackers to execute arbitrary SQL through the username, firstname, lastname, and class_id parameters, leading to unauthorized database access. The CVSS v3.1 data ind...

9.8CVSS9.1AI score0.00583EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2024/11/07 12:0 a.m.3 views

Wazifa System control.php File SQL Injection Vulnerability

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter to of the file /controllers/control.php. An attacker can exploit this vulnerability to execute illegal...

7.5CVSS8.2AI score0.00421EPSS
Exploits1References1
CNVD
CNVD
added 2024/10/25 12:0 a.m.6 views

Mitel MiCollab SQL Injection Vulnerability (CNVD-2024-42930)

Mitel MiCollab is an enterprise-grade audio, web and video conferencing solution that provides efficient collaboration and communication capabilities. An SQL injection vulnerability exists in Mitel MiCollab, which can be exploited by an attacker to access non-sensitive user configuration...

9.4CVSS8AI score0.00458EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 8:15 p.m.5 views

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

7.7CVSS6AI score0.004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/21 12:0 a.m.12 views

CVE-2024-47223

A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...

8.4AI score0.00458EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.4 views

Mitel MiCollab 安全漏洞

Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8 SP1 FP2 9.8.1.201 and prior versions, which stems from insufficient filtering of...

7.7CVSS7.5AI score0.004EPSS
Exploits0References2
Rows per page
Query Builder